Authenticating method and apparatus

ABSTRACT

A reproducing apparatus and method are provided to reproduce an interactive content requiring authentication from a recording medium such as a disc or a remote server, via the Internet. An authenticating method employed at a remote server includes: (a) transmitting program codes for performing authentication to a reproducing apparatus in response to a request of content requiring the authentication from the reproducing apparatus; (b) receiving identification information for the authentication, which is transmitted as a result of executing the program codes in the reproducing apparatus, from the reproducing apparatus and performing the authentication; and (c) if the authentication is successful, transmitting the requested content to the reproducing apparatus, and if the authentication is not successful, transmitting a message notifying the authentication failure to the reproducing apparatus. As a result, only a function of reading data recorded on a disc according to a disc type is required without supporting a new method for disc authentication required by a content provider whenever a disc with a new format is produced or whenever a content format is developed. A reproducing apparatus can download a desired content from various servers after authentication without having to support various authenticating methods.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of PCT International Patent Application No. PCT/KR2004/001008, filed Apr. 30, 2004, Korean Patent Application No. 2003-28039, filed May 1, 2003, in the Korean Intellectual Property Office, and Korean Patent Application No. 2003-66023, filed Sep. 23, 2003, in the Korean Intellectual Property Office, the disclosures of which are incorporated by reference herein.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an apparatus and method for reproducing interactive contents produced using a markup language, and more particularly, to a reproducing apparatus and method for downloading or reading interactive contents from a recording medium such as a disc, or via a network such as the Internet.

2. Related Art

Conventional information for identifying contents recorded on a recording medium such as a disc (e.g., CD, CD-R, CD-RW, DVD, DVD+R/RW, and DVD-R/RW) or via an Internet server is not particularly defined. Therefore, in a conventional authenticating method, a reproducing apparatus (i.e., a disc player) authenticates a disc as an authorized copy by directly identifying the disc. That is, contents recorded on a CD are identified by a track running time and the number of tracks, contents recorded on a DVD-VIDEO are identified by the number of titles, the number of chapters, and reproducing times of the titles, and contents recorded on a DVD-AUDIO are identified by the number of albums, the number of groups, the number of tracks, and track running time. Also, only after authentication of a server is successful, a predetermined content can be downloaded from the server.

However, according to the conventional authenticating method, whenever a content format is changed, a reproducing apparatus must recognize new identification information and authenticate discs on the basis of the identification information. Moreover, different companies providing contents (for example, CDDB) utilize different content authentication methods to recognize new identification information and authenticate discs on the basis of the identification. As a result, it is nearly impossible for a reproducing apparatus to support all the content authentication methods.

Likewise, the same problem applies to contents existing on Internet servers. That is, to download predetermined contents from a plurality of servers, via the Internet, employing different authenticating methods, a reproducing apparatus must also support the different authenticating methods employed by the different servers.

SUMMARY OF THE INVENTION

Various aspects and embodiments of the present invention advantageously provide an authenticating method for a reproducing apparatus, which can be used when a predetermined content is read from a disc or downloaded from an Internet server which uses a plurality of authentication methods.

The present invention also provides a method of performing an authentication in which, when a reproducing apparatus reading or downloading contents from a disc or an Internet server requests a predetermined content from the Internet server, the encrypting/decrypting algorithm used for the authentication is determined by the server at the time of the request rather than defined in advance.

According to an aspect of the present invention, there is provided an authenticating method comprising: (a) transmitting program codes for performing authentication to a reproducing apparatus in response to a request of content requiring authentication from the reproducing apparatus; (b) receiving identification (ID) information for authentication, which is transmitted as a result of executing the program codes in the reproducing apparatus, from the reproducing apparatus, and performing the authentication; and (c) if the authentication is successful, transmitting a requested content to the reproducing apparatus, and if the authentication is not successful, transmitting a message notifying an authentication failure to the reproducing apparatus.

It is preferable that step (a) comprises transmitting an authentication markup document as the program codes, and particularly, transmitting the program codes using an HTTP error code such as an HTTP error code 401 along with an authentication markup document.

According to another aspect of the present invention, there is provided an authenticating method comprising: (a) transmitting identification (ID) information for authentication to a server, via a network, after executing program codes received from the server; and (c) if the authentication is successful, receiving a requested content from the server, and if the authentication is not successful, receiving a message notifying an authentication failure from the server.

It is preferable that step (a) comprises extracting predetermined information including a type of a disc and a pattern of content recorded on the disc, from the disc, after executing the program codes and transmitting the extracted information to the server, via a network.

According to another aspect of the present invention, a reproducing apparatus comprises: a reader to read data from a disc; a buffer to store the data read from the reader; and a controller for controlling the reader to read data from the disc, the controller including a presentation engine to provide a user interface and access to a server, via a network, wherein the presentation engine transmits identification information for authentication to the server, via the network, by executing program codes received from the server, and if the authentication is successful, receives a requested content from the server, via the network, for a visual display on a screen, and if the authentication is not successful, receives a message notifying an authentication failure from the server, via the network, for a visual display on the screen.

It is preferable that the presentation engine extracts predetermined information including a type of a disc and a pattern of content recorded on the disc, from the disc, after executing the program codes and transmits the extracted information to the server, via the network, and particularly, supports an API for executing an authentication markup document as the program codes.

According to yet another aspect of the present invention, an authenticating method in a server comprises: receiving a content request and a content ID of a desired content from a reproducing apparatus, via a network; generating an index number; encrypting authentication question information corresponding to the index number using an encryption key corresponding to the content ID; transmitting predetermined authentication data including the encrypted authentication question information and the index number to the reproducing apparatus, via the network; and receiving authentication answer information that is a result of a predetermined decryption and the index number from the reproducing apparatus, and performing the authentication.

According to yet another aspect of the present invention, an authenticating method in a reproducing apparatus comprises: requesting a desired content from a server and transmitting a content ID of the desired content to the server, via a network; receiving predetermined authentication data including encrypted authentication question information and an index number from the server, via the network; generating a decryption key by applying a one way function to a title key corresponding to the content ID and the index number; generating authentication answer information by decrypting the encrypted authentication question information using the decryption key; and transmitting the authentication answer information and the index number to the server, via the network.

In addition to the example embodiments and aspects as described above, further aspects and embodiments of the present invention will be apparent by reference to the drawings and by study of the following descriptions.

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the present invention will become apparent from the following detailed description of example embodiments and the claims when read in connection with the accompanying drawings, all forming a part of the disclosure of this invention. While the following written and illustrated disclosure focuses on disclosing example embodiments of the invention, it should be clearly understood that the same is by way of illustration and example only and that the invention is not limited thereto. The spirit and scope of the present invention are limited only by the terms of the appended claims. The following represents brief descriptions of the drawings, wherein:

FIG. 1 is a conceptual diagram of an authenticating process according to an embodiment of the present invention;

FIG. 2 is a block diagram of an example reproducing apparatus according to an embodiment of the present invention;

FIG. 3 is a reference diagram for illustrating an authenticating process using images on a displayer according to an embodiment of the present invention;

FIG. 4 is a flowchart of an authenticating method according to an embodiment of the present invention;

FIG. 5 is a conceptual diagram of an authenticating process according to another embodiment of the present invention; and

FIG. 6 is a flowchart of an authenticating method according to another embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The present invention is applicable for use with all types of computer-readable media, reproducing apparatuses, computer systems, and implemented methods described according to various embodiments of the present invention, and with contents available in many well-known document mark-up languages such as, for example, hypertext mark-up language (HTML) and extensible HTML (XML), transmitted via networks and transmission protocols, such as hypertext transfer protocol (HTTP) (as defined by RFC 2616), used to transfer such contents between interconnected systems in such networks. Reference will now be made in detail to the various aspects and embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout. The various aspects and embodiments are described below in order to explain the present invention by referring to the figures.

Turning now to FIG. 1, a conceptual diagram of an authenticating process between an example reproducing apparatus and an Internet server according to an embodiment of the present invention is illustrated. Referring to FIG. 1, a reproducing apparatus 1 requests a predetermined content from a server 2, via the Internet, by transmitting a GET request based on an HTTP protocol (RFC 2616) in step ①. If the reproducing apparatus 1 has not gotten a required authentication, the server 2 transmits an authentication markup document for the authentication along with an HTTP error code 401 to the reproducing apparatus 1, via the Internet, in step ②. A complete listing of HTTP error codes can be found pursuant to Internet RFC 2616. For example, an HTTP error code 401 represents an error message indicating that authorization has been refused and authentication is required. The reproducing apparatus 1 executes the received authentication markup document. The authentication markup document is a computer program installed and executed in the reproducing apparatus 1 for performing an authenticating process. In accordance with various embodiments of the present embodiment, the authentication markup document includes Javascript codes for authentication. As a result of executing the authentication markup document, identification information required for the authentication is generated, and the generated identification information is transmitted to the server 2, via the Internet, along with the GET request in step ③. The server 2 performs the authentication, i.e., authenticates a user at the reproducing apparatus 1 before granting access to a desired content, by checking the received identification information, and transmits the authentication result to the reproducing apparatus 1, via the Internet, in step ④.

In step ①, the following example HTTP header is transmitted from the reproducing apparatus 1 to the server 2, via the Internet:

    GET /propriatematerial.cgi HTTP/1.0
    Date: Fri, 20 Sep 1996 08:20:58 GMT
    Connection: Keep-Alive
    User-Agent: ENAV 1.0(SDP-100)

In step ②, an HTTP header and an authentication markup document are transmitted from the server 2 to the reproducing apparatus 1, via the Internet. Here, a server authentication request number can be included using a cookie to prevent the reproducing apparatus 1 from being emulated as if the reproducing apparatus 1 got the authentication.

The example HTTP header is as follows:

    HTTP/1.0 401 Unauthorized
    Date: Fri, 20 Sep 1996 08:20:58 GMT
    Server: ENAV 1.0(NCSA/1.5.2)
    Last-modified: Fri, 20 Sep 1996 08:17:58 GMT
    Content-type: text/xml+html
    Content-length: 200
    Set-Cookie: server_req="12345098761234509876"; Version="1"; Path="/"

The example authentication markup document is as follows:

    <html>
      <head>
        <title>Authentication is required</title>
      </head>
      <body>
        <object data="dvd://video_ts/video_ts.ifo" id="player" />
        <script src="cookieutil.js" language="Javascript" />
        <script language="Javascript">
          seed = 100123;
          setCookie("hashkey", player.getHashKey(seed));
          setCookie("authoringtype", player.authoringType);
          setCookie("disctype", player.discType);
          location.href = "propriatematerial.cgi";
        </script>
      </body>
    </html>

In step ③, the following example HTTP header is transmitted from the reproducing apparatus 1 to the server 2, via the Internet:

    GET /propriatematerial.cgi HTTP/1.0
    Date: Fri, 20 Sep 1996 08:20:58 GMT
    Connection: Keep-Alive
    User-Agent: ENAV 1.0(SDP-100)
    Cookie: $Version="1"; server_req="12345098761234509876"; $Path="/"; hashkey="123AB1234"; $Path="/"; disctype="1"; $Path="/"

In step ④, an HTTP header and a markup document notifying an authentication success or an authentication failure are transmitted from the server 2 to the reproducing apparatus 1, via the Internet. Here, the server 2 can insert an access identifier verifying authentication in a next access in the HTTP header using the cookie, and transmit the HTTP header including the access identifier to the reproducing apparatus 1.

The example HTTP header is as follows:

    HTTP/1.0 200 Forbidden
    Date: Fri, 20 Sep 1996 08:20:58 GMT
    Server: ENAV 1.0(NCSA/1.5.2)
    Last-modified: Fri, 20 Sep 1996 08:17:58 GMT
    Content-type: text/xml+html
    Content-length: 83
    Set-Cookie: server_req="12345098761234509876"; Version="1"; Path="/"

The example markup document notifying the authentication failure is as follows:

    <html>
      <head>
        <title>Access denied</title>
      </head>
      <body>
        The access is denied because of using illegal disc.
      </body>
    </html>

The example markup document notifying the authentication success is as follows:

    <html>
      <head>
        <title>Access accepted</title>
      </head>
      <body>
        The access is accepted because of using legal disc.
      </body>
    </html>

As described above, according to the present invention, the authentication markup document for performing only the authentication and not for being displayed on a screen is transmitted from the server 2 to the reproducing apparatus 1. When the HTTP protocol is used, it is preferable that the HTTP error code 401 is used. However, other transmission protocols and corresponding error codes can also be used.
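The server side of steps ② to ④ can be sketched as follows. This is an added example, not code from the patent: the class and function names, the table of expected getHashKey values, and the choice to accept each server_req number only once are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data: for each seed the server may embed in the
# authentication markup document, the value a genuine disc returns from
# player.getHashKey(seed).
EXPECTED_HASHKEY = {100123: "123AB1234", 200456: "77F0C19E2"}


def parse_cookie(header_value):
    """Parse the value of a Cookie header as shown in step 3 into a dict,
    skipping the $Version / $Path attributes and stripping the quotes."""
    cookies = {}
    for part in header_value.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep or name.startswith("$"):
            continue
        cookies[name] = value.strip().strip('"')
    return cookies


def build_cookie(server_req, hashkey, disctype="1"):
    """What the reproducing apparatus sends back after running the script."""
    return (f'$Version="1"; server_req="{server_req}"; $Path="/"; '
            f'hashkey="{hashkey}"; $Path="/"; disctype="{disctype}"; $Path="/"')


class AuthServer:
    def __init__(self):
        self.pending = {}  # server_req -> seed of the outstanding challenge

    def challenge(self):
        """Step 2: pick a seed, issue a fresh server authentication request
        number and return the Set-Cookie value that goes with the 401."""
        seed = secrets.choice(list(EXPECTED_HASHKEY))
        server_req = secrets.token_hex(10)
        self.pending[server_req] = seed
        set_cookie = f'server_req="{server_req}"; Version="1"; Path="/"'
        return server_req, seed, set_cookie

    def verify(self, cookie_header):
        """Steps 3 and 4: accept only a hashkey that matches the seed tied
        to a request number this server issued and has not yet consumed."""
        cookies = parse_cookie(cookie_header)
        seed = self.pending.pop(cookies.get("server_req", ""), None)
        if seed is None:
            return False  # unknown or already used request number
        expected = EXPECTED_HASHKEY[seed].encode()
        return hmac.compare_digest(cookies.get("hashkey", "").encode(), expected)


def demo():
    server = AuthServer()
    server_req, seed, _ = server.challenge()
    header = build_cookie(server_req, EXPECTED_HASHKEY[seed])
    first = server.verify(header)    # genuine answer to a live challenge
    replay = server.verify(header)   # same header sent a second time
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Tying the seed to the request number on the server means a hashkey captured from one exchange is not accepted against a later challenge.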

FIG. 2 is a block diagram of an example reproducing apparatus 1 according to an embodiment of the present invention.

Referring to FIG. 2, the reproducing apparatus 1 includes a disc 10, a reader 11, a buffer 12, a controller 13, and a displayer 14. A presentation engine 15 is included in the controller 13. The presentation engine 15 is connected to the server 2, via the Internet, and executes an authentication markup document downloaded from the server 2 for performing authentication according to the present invention. That is, the presentation engine 15 includes an analysis engine for analyzing the markup document and a script program included in the markup document, and a browser for downloading a predetermined content from the server 2 when connected to the server 2, via the Internet. Standard web browsers such as Microsoft Internet Explorer or Netscape Navigator can be incorporated into the presentation engine 15 to provide the user interface and to access the server 2, via the Internet.

The reader 11 reads contents recorded on a disc 10 and provides the contents to the buffer 12 for temporary storage, according to the controller 13. The buffer 12 buffers the contents provided from the reader 11, or the contents transmitted from the server 2 via the presentation engine 15. If the authentication is successful, the displayer 14 displays the contents transmitted from the server 2, and if the authentication is not successful, the displayer 14 displays a message notifying the authentication failure.

The presentation engine 15 supports the following example API for executing the authentication markup document. The API is used to extract identification information for authentication from the disc 10.

1. [obj].discType

   1) contents: indicate a disc type.

   2) return value:
      0=Compact Disc
      1=DVD-ROM
      2=DVD-R
      3=DVD-RAM
      4=DVD-RW
      5=DVD+RW

2. [obj].authoringType

   1) contents: indicate an authoring type.

   2) return value:
      0=CDDA
      1=DVD-Video
      2=DVD-Audio

3. [obj].getHashKey(seed)

   1) contents: read information on a disc 10 according to seed and a disc type.

   2) parameter:
      seed:
         CDDA: a time set by tracks of a TTHHMMSSFF pattern and partial value of a frame
         DVD-Video: a 32-bit logical sector number and partial value intended to read in the sector
         DVD-Audio: a 32-bit logical sector number and partial value intended to read in the sector

   3) return value: a value extracted at a directed position
         CDDA: partial value of a frame
         DVD-Video: partial value of data of a sector extracted from a logical sector number
         DVD-Audio: partial value of data of a sector extracted from a logical sector number

FIG. 3 is a reference diagram for illustrating an authentication process utilized by an example reproducing apparatus using images on the displayer according to an embodiment of the present invention.

Referring to FIG. 3, when a user uses a reproducing apparatus 1 to view either a predetermined content recorded on a disc 10 in step ①, or a predetermined content downloaded from the server 2, via the Internet in step ②, such a predetermined content is displayed on a screen of the displayer 14. If the user wants to view other content requiring authentication, a button displayed on a screen of the displayer 14 requesting a desired content can be pushed in step ③. A desired content requiring authentication can be recorded on a disc 10 or stored in a server 2. Upon receipt of the user's request, an authentication markup document for the authentication according to the present invention is transmitted from the server 2 to the reproducing apparatus 1, via the Internet in step ④. Authentication is performed at the reproducing apparatus 1 by processing the authentication markup document therein. The reproducing apparatus 1 then transmits identification information for authentication back to the server 2, via the Internet. If the authentication is successful, the user at the reproducing apparatus 1 is authorized to access the desired content, and the desired content is downloaded from the server 2, via the Internet, and displayed on the screen of the displayer 14 on the reproducing apparatus 1 in step ⑤. However, if the authentication is not successful, the user at the reproducing apparatus 1 is not authorized to access the desired content, and a message notifying the authentication failure is displayed on the screen of the displayer 14 on the reproducing apparatus in step ⑥. An example warning message such as "This disc is an illegal copy", as shown in FIG. 3, can be displayed to notify such an authentication failure.

An authenticating method according to an embodiment of the present invention will now be described on the basis of the construction described above.

FIG. 4 is a flowchart of an authenticating method utilized by an example reproducing apparatus according to an embodiment of the present invention.

Referring to FIG. 4, a markup document designated as an initial document is read in step 401. The markup document is displayed on a screen of the displayer 14 on a reproducing apparatus 1, and interaction with a user is permitted with the displayed markup document in step 402. During the interaction, the reproducing apparatus 1 determines if the user requests to display other content in step 403. In this situation, the other content can be available from a disc 10, or alternatively, from a remote server 2, via the Internet. If the requested content is recorded on a disc 10, the requested content is read from the disc 10 in step 404. However, if the requested content is stored in the server 2, such a content is then requested from the server 2, via the Internet, in step 405. If authentication is required to access the content, the server 2 transmits an authentication markup document to the reproducing apparatus 1 for authentication. However, if authentication is not required, the requested content can be accessed and downloaded directly from the server 2, via the Internet.

Therefore, upon making a request for content at the server 2, the reproducing apparatus 1 determines if an authentication markup document is received from the server 2 in step 406. If an authentication markup document is received from the server 2 indicating that authentication is required before the requested content can be accessed and downloaded from the server 2, the reproducing apparatus 1 requests the authentication from the server 2 by executing the authentication markup document without displaying the authentication markup document on a screen of the displayer 14, as shown in FIG. 2, in step 407. If the authentication is not successful in step 408, the reproducing apparatus 1 provides a visual display of a message notifying the authentication failure on the screen of the displayer 14 in step 409. However, if the authentication is successful, the server 2 downloads the content to the reproducing apparatus 1, and the reproducing apparatus 1 reproduces the downloaded content in step 410.

Referring back to step 406, if an authentication markup document is not received from the server 2, the requested content is accessible without the authentication, and the server 2 directly downloads the requested content to the reproducing apparatus 1 without transmitting the authentication markup document. The reproducing apparatus 1 reproduces the content downloaded directly from the server 2, via the Internet, in step 410.

Hereinafter, the specifics of authentication in a case where there is a content request from the reproducing apparatus 1 to the server 2 in step 405 of FIG. 4 will be described.

FIG. 5 is a conceptual diagram of an authenticating process according to another embodiment of the present invention.

Referring to FIG. 5, an authenticating method is achieved through data exchange between the reproducing apparatus 1 and the server 2, via the Internet. The reproducing apparatus 1 reproduces a desired content by reading or downloading the interactive content from a disc 10 or a remote server 2, via the Internet. To do this, the reproducing apparatus 1 includes a reader 11 for reading content from a disc 10, a buffer 12 for buffering the content read by the reader 11, a controller 13 for controlling the reader 11 to read the content from the disc 10 or the remote server 2, via the Internet, and for performing an authenticating process, in which a presentation engine 15 is activated to provide a visual display of the read content on a screen of the displayer 14, as shown in FIG. 2.

When a desired content is requested to be downloaded over the Internet due to the absence of such a content on a disc 10, the reproducing apparatus 1 transmits a content request to the server 2, via the Internet, in step 501. At this time, a content ID of a desired content is transmitted together with the content request in step 502.

Upon receipt of the content request and the content ID from the reproducing apparatus 1, the server 2 creates authentication data in step 503. The server 2 then transmits the authentication data to the reproducing apparatus 1 in step 504. Such authentication data includes encrypted authentication question information, an index number, and a decrypting method for authentication. The reproducing apparatus 1 processes the authentication data, including performing a decryption for authentication using the authentication data in step 505. The reproducing apparatus 1 then transmits authentication answer information that is a result of the decryption and the index number to the server 2 in step 506. The server 2 can transmit data representing a decrypting method to be performed by the reproducing apparatus 1 for authentication, or program codes for the decryption (i.e., authentication algorithms).

The program codes can be formed with a type to be directly performed in the reproducing apparatus 1 or as a markup document. The markup document is the general term for documents written in a markup language, such as HTML and XML, and documents where source codes written in a script language or a Java language are linked or inserted, and it is also used to include all files linked to the markup document.

In order to confirm what program type can be performed in the reproducing apparatus 1, data exchange between the server 2 and the reproducing apparatus 1 can be additionally performed. Since the program is executed in the controller 13, the reproducing apparatus 1 informs the server 2 of what kinds of types the controller 13 can analyze.

The authentication answer information is a result generated by executing the authentication data transmitted from the server 2. The server 2 receives the authentication answer information from the reproducing apparatus 1 and performs authentication of the user at the reproducing apparatus 1 based on the authentication answer information in step 507. The authentication answer information includes a result of decrypting the encrypted authentication question information, and the server 2 compares the authentication answer information received from the reproducing apparatus 1 and the authentication question information corresponding to the index number received from the reproducing apparatus 1 among a plurality of stored authentication question information and confirms whether they are the same. The server 2 completes the authentication of the requested content by transmitting a result of the authentication to the reproducing apparatus 1 in step 508.

If the authentication is successful, the server 2 transmits a message notifying the authentication success followed by the content requested by the reproducing apparatus 1 to the reproducing apparatus 1, and the reproducing apparatus 1 reproduces the requested content for a visual display on a screen of the displayer 14.

FIG. 6 is a flowchart of an authenticating method according to anotherembodiment of the present invention.

Referring to FIG. 6, a process of generating authentication data in theserver 2 and generating authentication answer information in thereproducing apparatus 1 using the authentication data is described indetail herein below.

The server 2 receives a content ID (CID) from the reproducing apparatus1 in step 601, and generates an index number (ID) in step 610. The indexnumber (ID), which is a symbol corresponding to authentication questioninformation (M), is used to search the authentication questioninformation (M) when authentication data is generated in order tocompare authentication answer information (m) received from thereproducing apparatus 1 and the authentication question information (M).The index number (ID), which is one of numbers of authenticationquestion information stored in the server 2, can be designatedsequentially or randomly in response to each content request.

The server 2 generates an encryption key (Ka) by applying a one wayfunction to a title key (Ks) and the index number (ID) corresponding tothe content ID (CID) requested by the reproducing apparatus 1 in step612. The title key (Ks) uniquely corresponds to the content ID (CID) instep 611. The title key (Ks) is information that the server 2 and thereproducing apparatus 1 must have. The one way function means that thereexists a normal function, but not its inverse function. That is, theencryption key (Ka) can be generated from the title key (Ks) and theindex number (ID) using the one way function; however, the title key(Ks) cannot be extracted from the encryption key (Ka) and the indexnumber (ID).

Comparing the authenticating method of the present embodiment shown inFIG. 6 and a conventional authenticating method using a username andpassword, it can be seen that the content ID (CID) corresponds to theusername and the title key (Ks) corresponds to the password. Acharacteristic of the authenticating method of the present embodiment isthat the title key (Ks) corresponding to the password is not transmittedover the Internet. As information transmitted over the Internet, theindex number (ID), the authentication question information (M), and theauthentication answer information (m) are included. The index number(ID), the authentication question information (M) and the authenticationanswer information (m) are generated using the title key (Ks) and havedifferent values whenever authentication is performed. As a result, evenif an unauthorized user happens to know several authentication questioninformation and authentication answer information corresponding to theauthentication question information, a title key (Ks) corresponding to acontent ID (CID) is kept secret, and the unauthorized user cannot obtainan approval in response to a content request.

A portion of information of the requested content or certain data can beused as the authentication question information (M). Also, knowntechniques can be implemented to prevent an unauthorized user fromseeking authentication by using a very long character stream.

The server 2 encrypts the authentication question information (M) usingthe encryption key (Ka) in step 613, and generates encryptedauthentication question information ({M}Ka) in step 614. The server 2then transmits the encrypted authentication question information({M}Ka), the index number (ID), and information of a decryption function(IFN) to the reproducing apparatus 1, via the Internet, in step 615.

As the information of a decryption function (IFN), one of the functions that can be executed by the reproducing apparatus 1 can be designated, or decryption program codes that can be executed by the reproducing apparatus 1 can be used as they are. As described above, since encrypting and decrypting methods used for authentication of a content request can be determined by a server when the authentication is performed and are not determined in advance when a reproducing apparatus is manufactured, the reproducing apparatus can support various authenticating methods.

The reproducing apparatus 1 receives the encrypted authentication question information ({M}Ka), the index number (ID), and the information of the decryption function (IFN) from the server 2, via the Internet, in step 620, and generates a decryption key (Kb) by applying a one way function to a title key (Kc) corresponding to the content ID (CID) and the index number (ID) in step 630. Similar to the one way function used in the server 2, the one way function used in the reproducing apparatus 1 is a function from which the title key (Kc) cannot be derived using the decryption key (Kb) and the index number (ID).

The reproducing apparatus 1 decrypts the encrypted authentication question information ({M}Ka) received from the server 2 using the generated decryption key (Kb) to generate authentication answer information (m) in step 631. If an authorized user requests the authentication using the reproducing apparatus 1, the authentication answer information (m) will be the same as the authentication question information (M) used in the server 2.

The reproducing apparatus 1 transmits the authentication answer information (m) and the index number (ID) to the server 2, via the Internet, in step 640. The server 2 compares authentication question information (M) corresponding to the index number (ID) and the authentication answer information (m) transmitted from the reproducing apparatus 1 in step 641. As a result of the comparison, if the authentication question information (M) and the authentication answer information (m) are the same, the server 2 approves the content request by transmitting an authentication success message, and transmits a desired content to the reproducing apparatus 1 in step 643, and if the authentication question information (M) and the authentication answer information (m) are not the same, the server 2 rejects the content request by transmitting an authentication failure message in step 642.
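
The FIG. 6 exchange (steps 611 to 643) as an added Python example, not code from the patent. HMAC-SHA256 stands in for the unspecified one way function and a SHA-256 counter keystream for the unspecified cipher; the class and function names, the random ID and M, and the single-use handling of the ID are assumptions, and the decryption function information (IFN) is omitted because both sides share the cipher here.

```python
import hashlib
import hmac
import secrets


def derive_key(title_key: bytes, index: bytes) -> bytes:
    """One way function (assumed: HMAC-SHA256): Ka or Kb from the title key and ID."""
    return hmac.new(title_key, index, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in cipher: XOR with a SHA-256 counter keystream (self-inverse)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Server:
    def __init__(self, title_keys: dict):
        self.title_keys = title_keys  # CID -> Ks, never sent on the wire
        self.pending = {}             # ID -> M for challenges still open

    def challenge(self, cid: str):
        """Steps 611-615: pick a fresh ID and M, return ({M}Ka, ID)."""
        index = secrets.token_bytes(16)
        question = secrets.token_bytes(32)
        ka = derive_key(self.title_keys[cid], index)
        self.pending[index] = question
        return xor_stream(ka, question), index

    def verify(self, index: bytes, answer: bytes) -> bool:
        """Steps 641-643: compare m with the M stored for ID, then retire the ID."""
        question = self.pending.pop(index, None)  # single use blocks replay
        return question is not None and hmac.compare_digest(question, answer)


class Player:
    def __init__(self, title_keys: dict):
        self.title_keys = title_keys  # CID -> Kc held by the reproducing apparatus

    def answer(self, cid: str, encrypted_question: bytes, index: bytes) -> bytes:
        """Steps 630-631: derive Kb and decrypt {M}Ka into m."""
        kb = derive_key(self.title_keys[cid], index)
        return xor_stream(kb, encrypted_question)


def run_exchange(server: Server, player: Player, cid: str):
    """Run one authentication; return the verdict and everything sent on the wire."""
    encrypted_question, index = server.challenge(cid)
    answer = player.answer(cid, encrypted_question, index)
    return server.verify(index, answer), (encrypted_question, index, answer)


if __name__ == "__main__":
    ks = b"constructed-title-key"  # constructed sample value
    srv = Server({"CID-1": ks})
    print(run_exchange(srv, Player({"CID-1": ks}), "CID-1")[0])
    print(run_exchange(srv, Player({"CID-1": b"copied-disc"}), "CID-1")[0])
```

Because the answer m is returned in the clear, an observer who captures {M}Ka and m for one ID learns only that ID's keystream; the fresh ID per request and the one way derivation are what keep Ks off the wire.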

The authenticating method of the present embodiment can be modified and applied to the reproducing apparatus 1 and the server 2, when the reproducing apparatus 1 intends to authenticate whether the server 2 from which content is downloaded is authorized, or when the reproducing apparatus 1 intends to confirm whether a downloaded content is authorized. That is, the reproducing apparatus 1 generates predetermined authentication question information (M) and an index number (ID) corresponding to the predetermined authentication question information (M), performs each step performed by the server 2 as shown in FIG. 6, and transmits encrypted authentication question information (M), the index number (ID), and information indicating a decrypting method to the server 2. The server 2 performs each step performed by the reproducing apparatus 1 as shown in FIG. 6, and transmits authentication answer information and the index number (ID), which is a result of decryption, to the reproducing apparatus 1. The reproducing apparatus 1 can confirm whether the server 2 is authorized by comparing the authentication answer information received from the server 2 and the authentication question information corresponding to the index number.

The authenticating method described above can be written as computer programs. Codes and code segments for forming the computer programs can be easily construed by programmers skilled in the art to which the present invention pertains. The authenticating method is embodied by storing the computer programs on computer readable recording media, reading the computer programs using a computer, and executing the computer programs. The computer readable recording media include magnetic storage media, optical recording media, and storage media such as carrier waves.

As described above, according to the present invention, by adding only a function of reading data recorded on a disc according to a disc type without supporting a new method for disc authentication required by a content provider whenever a disc with a new format is produced or whenever content with a new format is developed, a reproducing apparatus can download a predetermined content from various servers supporting various authenticating methods and performing the authentication without supporting the various authenticating methods.

Accordingly, a user can determine whether a used disc 10 is an authorized copy or an illegal copy. Also, the content provider can receive financial benefits by providing the contents only to authorized users.

Furthermore, according to the present invention, since encrypting and decrypting methods used for authentication of a content request can be determined by a server when the authentication is performed and are not determined in advance when a reproducing apparatus is manufactured, the reproducing apparatus can support various authenticating methods. Also, since only a result of performing encryption by applying a one way function to a title key used as a password for authentication is transmitted over the Internet and the title key is not transmitted, an unauthorized user can be prevented from being authenticated.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention. For example, a reproducing apparatus can also be a personal computer (PC), a personal digital assistant (PDA), a mobile phone or other wireless devices with wireless access to a remote server, via the Internet. A desired content requiring authentication can also be recorded and retrieved directly from a disc; however, authentication can still be required either from a remote server, via the Internet, or from the disc before full access can be granted. In addition, different authentication techniques and security algorithms can be employed as long as authentication as described in connection with FIG. 5 and FIG. 6 is achieved. Similarly, the system controller can be implemented as a chipset having firmware, or alternatively, a general or special purposed computer programmed to implement methods as described with reference to FIG. 1, FIG. 3, FIG. 4, FIG. 5 and FIG. 6. Accordingly, it is intended, therefore, that the present invention not be limited to the various example embodiments disclosed, but that the present invention includes all embodiments falling within the scope of the appended claims.

1. An authenticating method comprising: (a) transmitting program codes for performing authentication to a reproducing apparatus in response to a request of content requiring authentication from the reproducing apparatus; (b) receiving identification information for authentication, transmitted as a result of executing the program codes in the reproducing apparatus, from the reproducing apparatus, and performing the authentication; and (c) if the authentication is successful, transmitting a requested content to the reproducing apparatus, and if the authentication is not successful, transmitting a message notifying an authentication failure to the reproducing apparatus.
2. The method as claimed in claim 1, wherein step (a) comprises transmitting an authentication markup document as the program codes.
3. The method as claimed in claim 1, wherein step (a) comprises transmitting an HTTP error code along with an authentication markup document, as the program codes.
4. An authenticating method comprising: (a) transmitting identification information for authentication to a server, via a network, after executing program codes received from the server; and (c) if the authentication is successful, receiving a requested content from the server, and if the authentication is not successful, receiving a message notifying an authentication failure from the server.
5. The method as claimed in claim 4, wherein step (a) comprises: extracting predetermined information including a type of a disc and a pattern of content recorded on the disc, from the disc after executing the program codes and transmitting the extracted information to the server.
6. A reproducing apparatus comprising: a reader to read data from a disc; a buffer to store data read from the reader; and a controller for controlling the reader to read data from the disc, the controller including a presentation engine to provide a user interface and access a server, via the Internet, wherein the presentation engine transmits identification information for authentication to the server by executing program codes received from the server, and if the authentication is successful, receives a requested content from the server, via the Internet, for a visual display on a screen, and if the authentication is not successful, receives a message notifying an authentication failure from the server, via the Internet, for a visual display on the screen.
7. The apparatus as claimed in claim 6, wherein the presentation engine extracts predetermined information including a type of a disc and a pattern of content recorded on the disc from the disc after executing the program codes and transmits the extracted information to the server, via the Internet.
8. The apparatus as claimed in claim 6, wherein the presentation engine supports an API for executing an authentication markup document as the program codes.
9. An authenticating method in a server, comprising: (a) receiving a content request and a content ID of a desired content from a reproducing apparatus, via a network; (b) generating an index number; (c) encrypting authentication question information corresponding to the index number using an encryption key corresponding to the content ID; (d) transmitting predetermined authentication data including the encrypted authentication question information and the index number to the reproducing apparatus, via the network; and (e) receiving authentication answer information that is a result of a predetermined decryption and the index number from the reproducing apparatus, and performing the authentication.
10. The method as claimed in claim 9, wherein step (c) comprises: (c1) generating an encryption key by applying a one way function to a title key corresponding to the content ID and the index number; and (c2) encrypting authentication question information corresponding to the index number using the encryption key.
11. The method as claimed in claim 9, wherein step (d) comprises: transmitting the encrypted authentication question information, the index number, and information of a decryption function to be performed by the reproducing apparatus, to the reproducing apparatus.
12. The method as claimed in claim 9, wherein step (d) comprises: transmitting the encrypted authentication question information, the index number, and decryption program codes to be performed by the reproducing apparatus, to the reproducing apparatus.
13. The method as claimed in claim 9, wherein step (e) comprises: (e1) receiving the authentication answer information and the index number, which are a result of a predetermined decryption using the authentication question information and the index number, from the reproducing apparatus; and (e2) comparing the authentication question information corresponding to the index number received from the reproducing apparatus and the authentication answer information, and if the authentication question information matches the authentication answer information, approving the content request, and if the authentication question information does not match the authentication answer information, rejecting the content request.
14. An authenticating method in a reproducing apparatus, the method comprising: (a) transmitting a request for a desired content from a server and along with a content ID of the desired content to the server, via a network; (b) receiving predetermined authentication data including encrypted authentication question information and an index number from the server, via the network; (c) generating a decryption key by applying a one way function to a title key corresponding to the content ID and the index number; (d) generating authentication answer information by decrypting the encrypted authentication question information using the decryption key; and (e) transmitting the authentication answer information and the index number to the server, via the network.
15. The method as claimed in claim 14, wherein step (b) comprises: receiving encrypted authentication question information, an index number, and information of the decryption function to be performed in step (d) from the server, via the network.
16. The method as claimed in claim 14, wherein step (b) comprises: receiving encrypted authentication question information, an index number, and predetermined decryption program codes from the server, via the network, and wherein step (d) comprises: decrypting the encrypted authentication question information by executing the predetermined decryption program codes.
17. An apparatus, comprising: a reader arranged to read an interactive content recorded on a recording medium; and a presentation engine arranged to access to a remote server, via a network, and to provide a visual display of the interactive content from one of the recording medium and the remote server on a screen for user selection, wherein, when a desired content selected by a user which requires authentication prior to access rights, the presentation engine requests authentication from the remote server, via the network, upon receipt of an authentication markup document from the remote server without displaying the authentication markup document on the screen, and if authentication is successful, receives the desired content from the remote server, via the Internet, for a visual display on the screen, and if the authentication is not successful, receives a message notifying an authentication failure from the remote server, via the Internet, for a visual display on the screen.
18. The apparatus as claimed in claim 17, wherein the presentation engine extracts ID information including a type of a recording medium and a pattern of contents recorded on the recording medium, from the recording medium after executing the authentication markup document, and transmits extracted ID information to the remote server, via the Internet, for authentication.
19. The apparatus as claimed in claim 17, wherein the presentation engine supports an API for extracting ID information for authentication from the recording medium.
20. The apparatus as claimed in claim 17, wherein, when the desired content is requested from the remote server, the presentation engine is configured to: transmit a request for the desired content and a content ID of the desired content to the remote server, via the network; decrypt authentication data received from the remote server, including encrypted authentication question information, an index number and information of a decryption function, and transmit authentication answer information and the index number as a result of decryption to the remote server, via the network, for authentication.
21. The apparatus as claimed in claim 17, wherein, when the desired content is requested from the remote server, the remote server is configured to: receive a request for the desired content and a content ID of the desired content from the presentation engine, via the network; generate an index number; apply a one-way function to a title key corresponding to the content ID and the index number to generate an encryption key; encrypt authentication question information using the encryption key; and transmit encrypted authentication question information, the index number and information of a decryption function to the presentation engine, via the network.
22. The apparatus as claimed in claim 21, wherein, when the desired content is requested from the remote server, the presentation engine is configured to: receive the encrypted authentication question information, the index number and information of a decryption function from the remote server, via the network; apply a one-way function to a title key corresponding to the content ID and the index number to generate a decryption key; decrypt the encrypted authentication question information using the decryption key; and transmit authentication answer information and the index number to the remote server, via the network, for authentication with the authentication question information.
23. The apparatus as claimed in claim 22, wherein the access rights to the desired content are granted if the authentication question information matches with the authentication answer information.
24. The apparatus as claimed in claim 22, wherein the access rights to the desired content are denied if the authentication question information does not match with the authentication answer information.